- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 8 Jul 2017 13:23:33 +0200
- To: Web Payments IG <public-webpayments-ig@w3.org>
Maybe of interest to the Security Task Force:
https://www.openbanking.org.uk/read-write-apis/payment-initiation-api/v1-0-0/#basics-headers

Apparently they use a signature based on a detached JWS supplied as a header parameter and where the data to be signed is simply the HTTP body "as is".

So at this stage we have not less than three entirely different ways of dealing with signed JSON:

- OpenBanking(UK) as described above
- The Linked Data Signature scheme (initially) created by Digitalbazaar and adopted by the Verified Credentials CG: https://github.com/w3c-dvcg/ld-signatures
- My JSON Cleartext Signature scheme: https://cyberphone.github.io/doc/security/jcs.html

Anders
Received on Saturday, 8 July 2017 11:24:10 UTC
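
The detached-JWS-over-raw-body approach mentioned in the message, as an added example that is not part of the original post or of the Open Banking specification: it shows that the verifier must check the exact bytes received, because re-serialising the same JSON invalidates the signature. HS256, the key and the sample body are assumptions chosen so the sketch runs with the standard library only; how the value travels in an HTTP header is not shown.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def sign_detached(body: bytes, key: bytes) -> str:
    """Compact JWS with the payload part left empty (RFC 7515, Appendix F)."""
    header = b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signing_input = f"{header}.{b64url(body)}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}..{b64url(sig)}"

def verify_detached(jws: str, body: bytes, key: bytes) -> bool:
    """Verify a detached JWS against the HTTP body bytes exactly as received."""
    parts = jws.split(".")
    if len(parts) != 3 or parts[1] != "":
        return False  # not a detached compact JWS
    header_b64, _, sig_b64 = parts
    try:
        padded = header_b64 + "=" * (-len(header_b64) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return False
    # Pin the algorithm: never let the header choose it for the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{b64url(body)}".encode("ascii")
    expected = b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
    return hmac.compare_digest(expected.encode(), sig_b64.encode())

# Constructed sample data (not taken from any real API exchange).
KEY = b"constructed-demo-key"
BODY = b'{"Data": {"Amount": "20.00", "Currency": "GBP"}}'
# Same JSON value, different bytes: what a proxy or framework that parses
# and re-emits the body would hand to the verifier.
RESERIALISED = json.dumps(json.loads(BODY), separators=(",", ":")).encode()

if __name__ == "__main__":
    jws = sign_detached(BODY, KEY)
    print("detached JWS:", jws)
    print("raw body verifies:", verify_detached(jws, BODY, KEY))
    print("re-serialised body verifies:", verify_detached(jws, RESERIALISED, KEY))
```
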